iiNet investigates alleged Westnet data breach

iiNet has said that it is investigating a potential database hack on its subsidiary Westnet that could have seen passwords, email addresses, and other personal information compromised and sold to the highest bidder.

Australia's third-largest internet service provider, iiNet, is investigating claims that a database held by its subsidiary, Westnet, has been hacked and is being offered for sale.

Westnet -- one of just a few subsidiary brands that iiNet has retained since its 2008 purchase due to its strong presence in the company's home state of Perth -- was alleged to have had a database compromised, with reports that the leaked database, which included plain-text passwords, was being offered for sale by a hacker under the name of Mufasa.

At the time of writing, iiNet had not publicly confirmed whether a database had been compromised, but CIO Matthew Toohey said the company is investigating it.

"We've been made aware of a possible security breach on a Westnet system, and are currently investigating. Our customers' privacy and security is our highest priority, and we will advise customers if any action is required," Toohey said in a statement provided to ZDNet.

The company has also begun advising customers to change their passwords, according to an email posted to broadband enthusiast website Whirlpool.

Toohey confirmed in the email that there had been "an incident" that could have resulted in unauthorised access to customer information stored on the company's servers.

"Although this unauthorised access has now been blocked and reported to relevant law-enforcement agencies, an investigation has confirmed there was a period in which details associated with your Westnet account were accessible by a third party," Toohey stated in the email.

The company said usernames, addresses, telephone numbers, and passwords could have been compromised, but payment details were not stored on the now-deactivated server.

Toohey has advised customers to change the passwords associated with Westnet email addresses.

The systems of companies acquired by iiNet have caused headaches for the company in the past. In 2014, iiNet confirmed that the TransACT network had come under attack through the subsidiary's legacy email servers.

Rival telecommunications company TPG is currently leading a bidding war for iiNet against M2.